Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Kneber Botnet Highlights Trend of Social Networking Data Being Used by Hackers

Researchers at NetWitness uncovered a 75,000-strong botnet that infected companies around the world. Among its targets - login credentials for Facebook, Yahoo and other sites. According to security pros, the botnet is part of a growing trend to use social networking sites as a stepping stone to steal valuable financial data.

WEBINAR:On-Demand

Researchers at NetWitness have uncovered a 75,000-strong botnet of systems infected with the notorious Zeus Trojan. But perhaps even more notable than its size is the data that it is targeting.

The botnet, which has touched 2,500 organizations throughout the world and been dubbed "Kneber" due to a username linking the infected systems, seeks to collect login credentials to online financial systems, social networking sites and email systems as well as other data that can be used by cyber-crooks.

Analyzing the botnet over a four-week period, NetWitness uncovered the theft of 68,000 credentials of various sorts. Leading this list of stolen data were user credentials for Facebook, Yahoo and hi5. According to security researchers, social networks have increasingly become a jumping off point for attackers looking to conduct survelliance on their targets. McAfee, for example, told eWEEK in January that social networks played a role in the Auroraattack that impacted Google and others last year.

Such information has its purposes. For example, answers to questions such as "what is your mother's maiden name" or "what street did you grow up on" can be used to remotely reset user passwords and access e-banking and other accounts, NetWitness noted in a paper on the botnet.

Further reading

"While targeting financial sites ultimately may result in financial gain for the miscreant, targeting logon credentials to social networks and e-mail gives them the 'keys to the castle'," according to the paper. "This personal information is pivotal for stealing identities and crafting very well targeted and convincing criminal and espionage campaigns.""Many security analysts tend to classify Zeus solely as a Trojan that steals banking information, but that viewpoint is na???ve," said Alex Cox, the principal analyst at NetWitness, in a statement. "When we began to detect the correlation among both the methodology used by the Kneber crew to attack victim machines and the wide variety of data sets harvested, it became clear that security teams must rethink their entire perspective on advanced threats such as Zeus and consider more diverse mission objectives."

The Zeus Trojan is widely available in the cyber-underground, and is one of the more common data-stealing pieces of malware used in financial attacks. Though NetWitness declined to name the organizations affected by Kneber, Egypt(19 percent), Mexico(15 percent), Saudi Arabia(13 percent), Turkey(12 percent) and the United States(11 percent) had the largest share of compromised systems. According to a report by the Wall Street Journal, the U.S.companies impacted by the botnet include Merck & Co., Paramount Pictures and Juniper Networks.

Also uncovered by NetWitness were 2,000 SSLcertificate files and dossier-level data sets on individuals, including complete dumps of entire identities from victim machines. According to the research, more than half the machines infected with Kneber were also infected with Waledac, suggesting a level of cross-crew collaboration in the cyber-underworld.

"It is 100 percent certain that many organizations have no idea they are victimized by these types of problems because they're just not tooled to see them on their networks," Cox said. "The Kneber botnet is just one category of advanced threat that organizations have been facing the past few years that they are still largely ignorant or blind to today."

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.